14 Feature Requests I Would Like to See Added

(imported topic written by SystemAdmin)

  1. Unix/Linux Downloader Cache limitations - There is currently no easy way to see what is in the cache in order to determine if it is already downloaded. Having a cached True/False column on the fixlet tab would be great. If a patch is not cached and it is deployed, it never fails, it just waits for pending download and the operator has no idea why.

  2. Long Term Action Reporting - You need to delete actions in the console to keep Bigfix moving efficiently, because the more actions you have the slower the console gets. Once you delete those actions you cannot easily report on them. There should be an option in Web Reports to report on deleted actions so you can do history reporting.

  3. Nested Baselines or “right-click/take default action” dialogue when you highlight multiple baselines that are applicable.

  4. Add a description field in the console operators tab - We use userID’s as our login so we never know who the user actually is without cross referencing with our corporate directory.

  5. Add a description field when creating a user with the Bigfix Admin tool – same reason as above.

  6. User groups in the console operator’s tab is badly needed, so we can associate sites or apply permissions to the groups rather than the users.

  7. Lost Password and Account Management – When a user loses a password, you need to delete and reprovision the account again. There needs to be more integration between the different products and between LDAP/AD. Being able to disable UserID’s is also needed.

  8. A more formal way to perform scheduled maintenance windows. We have worked something up using Action Script and Relevance, but this should be a formal option of the product in the future. If anyone wants this code, let me know?

  9. NMap – since we do not use dynamic DNS we never see the hostname on the Unmanaged Assets tab. It would be great to have an option to run nbtstat –NA to update this information in Bigfix.

  10. Console Operators - Assign Permissions - Relevance - We assign permissions based on property value, even before that value may exist. We would like to see relevance language be part of the console operator assign permissions, so we do not need to create a temporary value each time we are assigning permissions to another user.

  11. Allow roaming profiles or at least exportable settings for the console - Moving from one console to another can be a bear with setting this up all over again. I need to configure each column/property, in the computer tab for each environment. Doing that is painful because you have to drag the columns. It would also be nice to have a list with up and down arrows to sort these columns. Both of these should be enhancement requests.

  12. Task to insert scheduled reboot through task scheduler does not show if a scheduled task has already been created. - Problem is, you can run this 1000 times and it will create a thousand restart times. It should check to see if it ran before.

  13. More efficient relay selection – This is a huge problem for us. We are forced to use manual relay selection at this point because of the way that Bigfix is doing relay selection. Bigfix uses hop count to determine which relay is closest. So hop count of 4 with an average response time of 250ms is thought to be better than a hop count of 5 with an average response time of <1ms. This has caused us problems on our WAN links and will become an even bigger issue as we continue to expand. This is also going to restrict desktop patching which is a future opportunity for Bigfix to expand within our company. Bigfix should choose relays more like McAfee does it, where the average response time of ping is used to determine the relays list, and the list is provided in the log so you can see 1 through ______ relay scores.

  14. Locking Actions and Sites - Twofold, I would like to see something in Bigfix where I can lock an action so it is not accidentally deleted (for example our Linux sync jobs). I would also like to be able to take an action on a task or fixlet in one site and select another site in which that action can be run. For example, I would like to run our Linux sync jobs in the “Policies” site we created.

(imported comment written by BenKus)

Hey Nicky,

This is a good list… I can give quick responses on some of them… note that we have a full development schedule and so I have to be careful not to commit us to these changes (or I will get myself in trouble), but I think a little extra background is helpful:

  1. Unix/Linux Downloader Cache limitations - We are looking at ways to improve the manageability of the caches in our next major version and hopefully some of our proposed changes will help out… Also, we are looking for ways to incorporate the download cachers into the product to make your lives easier…

4 / 5) Add a description field in the console operators tab - Maybe for now you can use the “email” field? I believe you can put just about anything in that field

  7. Lost Password and Account Management – I think we agree although it means that we need to re-architect things a bit and move to a model where we will be slightly more vulnerable from the server because it will be somewhat in charge of dealing with users and accepting passwords (which many people are comfortable with because many systems work this way). But in the meantime, you can consider assigning new users with a specific known password and then securely archiving their key. You can then send them the key and they can change the password (or you can change it for them). If they forget their password, you can get the old archived key and use the old password rather than re-making their account.

  8. A more formal way to perform scheduled maintenance windows – we have been talking about this… we probably would just add a wizard to allow you to define maintenance windows in an easy way and it would work similar to what you have now.

  9. NMap – Interesting request… do you know if NMAP itself has this option available?

  12. Task to insert scheduled reboot – Perhaps you can just add some logic to the relevance to avoid restarting if the computer has restarted in the last X hours? ( uptime of operating system > 4* hour)

  13. More efficient relay selection – We are very reluctant to do this because we know it will give bad results (and perhaps worse than bad because its results can in “random” ways as latency changes often) in many of our customer environments. We spoke about this in a previous post: http://forum.bigfix.com/viewtopic.php?id=976 (have you had a chance to explore relay affiliation?)

  14. Locking Actions and Sites - For now, you might consider making a separate operator to achieve some of these benefits?

I passed these requests on to our product management and dev teams for review… Thanks for sending these our way…

Ben

(imported comment written by SystemAdmin)

  1. Great to hear

4/5) We do use the email field to put in names when people in our company have named email accounts, otherwise it is just @company.com. Having a description field in the console operators tab of the console would be really helpful.

  7. I am glad to hear you are working on something regarding this issue. Good advice.

  8. Great to hear

  9. I worked with a Bigfix pre-sales engineer and did some research myself but did not find a way in NMap to do this. It would be great to add this to Bigfix, as a right click option. Example: Translate computer name based on IP using nslookup or nbtstat -NA , then this will update that list right in Bigfix.

  12. Sorry, let me clarify this one. What I am referring to is the task in Bigfix called “Automatically Restart Stopped BES Clients Using TaskScheduler”. You can run this task as many times as you like, and it still shows up as relevant. I have tested this and noticed that the job is created on my dev machine many times because of this. I can modify this to check, but I figure I would let Bigfix know so they can change it because I’m sure other customers run into the same problem.

  13. This is our biggest problem right now. Even though latency may change, average response time is a far better way of determining what relay is closest in our environment. Hop count often never changes, so we get consistent bad result using this technology. When we setup automatic relay selection, half of our machines ended up going to a small site in Arkansas because it has a hop count of 4 in most places, which is a lower hop count than even most local large sites, and it ended up flooding the WAN links in Arkansas when we deployed patches. This is a slow WAN link. I’ve used McAfee in the past and they have excellent relay selection, which is done from average response time. Here is how it works: https://kc.mcafee.com/corporate/index?page=content&id=KB55685 I would really like to see Bigfix offer this as an alternative option to automatic relay selection using hop count. The relay affiliation is something that I have reviewed, and even though it slightly helps, it still involves a lot of manual effort, and does not get away from the hop count automatic relay selection problem. We have over 10,000 different subnets, so this is a mess for us, and manual relay selection is time consuming as we expand.

  14. As a master operator I can stop another master operator’s action, so that doesn’t work. We need a way to lock or a way to pull Master Operator out of a custom site.

Extra - We have had users ask if Bigfix is going to be supporting HP-UX individual patches on top of the already available bundles, as well as Ubuntu Linux patches?

Thank you for your quick response,

  • Kevin

(imported comment written by SystemAdmin)

#13 A good example, relating this to the real world is:

You are driving your car across the country. If I said, choose the path you would rather use, which one would you choose?

  1. The quickest highways/roads with 5 traffic lights.

  2. highways/roads with unknown speeds with 4 traffic lights.

Using hop count for path selection is like a GPS system using the least amount of traffic lights or turns to determine the quickest path to your destination except that it is exponentially made worse with millions of packets, thousands of machines and time.

(imported comment written by rdamours91)

Any discussions on the Ubuntu front?

We’re getting a lot of NetBooks (education) and are looking at tracking them and having some inventory ability to begin with.

Has the topic come up again or is this one on the backburner? Even if it’s 6 months or a year down the road that would be better than our current options.

(imported comment written by BenKus)

Hey rdamours,

Ubuntu is very similar to our Linux agents and I have heard that some people have hacked around in the BigFix Agent installer for Linux and made it work on Ubuntu. The downside of course is that this isn’t officially supported, but you might contact BigFix Professional Services and they might be able to work out some sort of project to give you visibility on those computers in some form…

Ben

(imported comment written by rdamours91)

Will do. Thanks again Ben.

(imported comment written by candykueh91)

BigFix supports Ubuntu and Mandrake currently?

(imported comment written by BenKus)

Hi Candy,

Not currently. See here: http://support.bigfix.com/bes/misc/supportpolicy.html

Ben

(imported comment written by SystemAdmin)

Hello,

If you need to test the BES agent on a Ubuntu/Debian, I successfully used the steps below on Ubuntu 9.10.

  1. Download the BES Agent RPM package from http://support.bigfix.com/install/besclients-nonwindows.html#linux

  2. Convert and install the RPM package using

alien -i /home/marc/besagent.rpm -c postinst postrm prerm

Ignore warnings/errors.

  3. In /etc/init.d/BESClient-7.2.5.22

  3a. Comment the line

. /etc/init.d/functions

  3b. Replace the line

daemon /opt/BESClient/bin/$prog

by

start-stop-daemon --start --exec /opt/BESClient/bin/$prog

  4. Create the following directory

mkdir /var/lock/subsys/

  5. Copy the actionsite.afxm from your BES Server to /etc/opt/BESClient/

The actionsite.afxm is usually found in \BESInstallers\BESClientDeploy\BigFixInstallSource\ClientInstaller on your BES Server

  6. Start the BES Client

/etc/init.d/BESClient-7.2.5.22 start

  7. Check that the BES Client process is running

ps aux | grep BESClient

Cheers,

Marc
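
Steps 3a and 3b above, scripted so the edit is repeatable and reversible (an added example, not part of Marc's post and not BigFix code). The function name `patch_init_script`, the `.orig` backup, and the sample init script in `demo` are assumptions made for illustration; only the two edited lines come from the post.

```shell
#!/bin/sh
# Apply steps 3a/3b to a Red Hat style init script so it starts on Debian/Ubuntu.
# Safe to re-run: a patched script is left alone, an unexpected one is refused.

patch_init_script() {
    script=$1
    [ -f "$script" ] || { echo "no such file: $script" >&2; return 1; }

    # Already patched (step 3b line present)? Nothing to do.
    if grep -q 'start-stop-daemon --start --exec /opt/BESClient/bin/\$prog' "$script"; then
        return 0
    fi
    # Refuse to edit a script that lacks the line step 3b replaces.
    if ! grep -q '^[[:space:]]*daemon /opt/BESClient/bin/\$prog' "$script"; then
        echo "expected daemon line not found in $script" >&2
        return 2
    fi

    # Keep the vendor original once, so the change can be reviewed or reverted.
    [ -f "$script.orig" ] || cp -p "$script" "$script.orig"
    tmp=$(mktemp "${script}.XXXXXX") || return 1
    # 3a: comment out the Red Hat function library; 3b: swap daemon for start-stop-daemon.
    sed -e 's|^\([[:space:]]*\)\(\. /etc/init\.d/functions\)|\1# \2|' \
        -e 's|^\([[:space:]]*\)daemon \(/opt/BESClient/bin/\$prog\)|\1start-stop-daemon --start --exec \2|' \
        "$script" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back in place so the script keeps its owner and mode.
    cat "$tmp" > "$script" && rm -f "$tmp"
}

# Dry run on a constructed sample (not the real BESClient init script).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '. /etc/init.d/functions' 'prog=BESClient' \
        '    daemon /opt/BESClient/bin/$prog' > "$d/BESClient-sample"
    patch_init_script "$d/BESClient-sample" && cat "$d/BESClient-sample"
    rm -rf "$d"
}
demo
```

Run `diff -u` between the `.orig` backup and the patched script before starting the service, so the only changes to a root-run init script are the two lines from the post.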

(imported comment written by BenKus)

Hey Marc,

Very interesting… Do you think you can post this in a new topic to avoid overloading this thread?

Thanks!

Ben

(imported comment written by SystemAdmin)

Hello Ben,

I just created a new topic for the BES Agent installation on Debian/Ubuntu:

http://forum.bigfix.com/viewtopic.php?id=4919

Thanks,

Marc

(imported comment written by BenKus)

For #8 (Maintenance Windows), see:

http://forum.bigfix.com/viewtopic.php?id=6158

http://support.bigfix.com/bes/misc/maintenancewindow.html

Ben

(imported comment written by SystemAdmin)

Thanks Ben… looking forward to testing it out when we move to version 8.